December 9, 2009

Fedora 10 Security Update: rubygem-actionpack-2.1.1-5.fc10

Article Source Fedora 10 Security Updates
December 9, 2009, 7:28 pm

Resolved Bugs
542786 - rubygem-actionpack: XSS weakness in strip_tags
544329 - rubygem-actionpack: Potential CSRF protection circumvention

Two security issues are found on activepack shipped on Fedora 10. One bug is that there is a weakness in the strip_tags function in ruby on rails (bug 542786, CVE-2009-4214). Another one is a possibility to circumvent protection against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm will fix these issues...

Read More 

Click Here!